From Figure 1, what we can see clearly is the sudden rise in Java exploitation, as explained in the conclusion. As the HTML/JS category is usually used in delivering other exploit vectors (for example, Blacole pages leading to other Java, PDF and SWF exploits), Java malware has been the most prevalent exploit vector that actually tries to exploit vulnerabilities in the software since 2011.

Figure 2 shows the breakdown of individual Java exploits. In 2012 we saw four different Java vulnerabilities used most: CVE-2012-1723, CVE-2012-0507, CVE-2012-4681 and CVE-2012-5076. Details or guidelines for each vulnerability are available in the following articles:

We have received reports about a wave of malicious browser extensions trying to hijack Facebook profiles. This threat was first discovered in Brazil. We detect it as Trojan:JS/Febipos.A. The malware is a malicious browser extension specifically targeting Chrome and Mozilla Firefox.

When installed, it attempts to update itself using the following URLs:

Chrome browser:

du-pont.info/updates/<removed>/BL-chromebrasil.crx

Mozilla Firefox browser:

du-pont.info/updates/<removed>/BL-mozillabrasil.xpi

Note: Updated versions of this threat have been verified and are still detected as Trojan:JS/Febipos.A.

To begin with, this Trojan monitors a user to see if they are currently logged in to Facebook. It then attempts to get a configuration file from the website <removed>.info/sqlvarbr.php. The file includes a list of commands for what the browser extension will do.

Depending on the file, this malware can do any of the following in the Facebook profile of an infected system:

The past few years have brought a proliferation of online services that can be hired to knock Web sites and individual Internet users offline. Once only found advertised in shadowy underground forums, many of today's so-called "booter" or "stresser" services are operated by U.S. citizens who openly advertise their services while hiding behind legally dubious disclaimers. Oh, and they nearly all rely on Paypal to receive payments.

Many of these booter sites are based on the same source code, meaning that any vulnerabilities in that code can be used to siphon data from the back-end databases of multiple, competing services. This happened in March to booter.tw, a service that was used to launch a volley of attacks against this blog, among others.

Today we'll be taking a closer look at another booter service whose customer database was recently leaked: asylumstresser.com (a.k.a. asylumbooter.com/net/us). Like other booter services, asylumstresser.com isn't designed to take down large Web sites that are accustomed to dealing with massive attacks from Internet extortionists. But these services can and are used to sideline medium-sized sites, although their most common targets are online gaming servers.

Everybody should know by now that downloading apps from Google Play is not as safe as we all would like. Admittedly, the probability of downloading malware is much smaller than on third party online Android markets, but it still exists.

Webroot researchers have recently unearthed two apps that install additional fonts on an Android device, but also offer a way in for spyware.

The apps in question, Free Galaxy Classic Fonts and Galaxy Fonts, have since been removed from Google Play, but are still offered on their developer's official website.

Once the user downloads and runs one of the apps, and requests it to download and implement a new font, the app downloads the ikno.apk file - a spying app that forwards SMS, call logs, and location information to a web portal where the person doing the spying can review the information.

Even as the U.S. government confronts rival powers over widespread Internet espionage, it has become the biggest buyer in a burgeoning gray market where hackers and security firms sell tools for breaking into computers.

The strategy is spurring concern in the technology industry and intelligence community that Washington is in effect encouraging hacking and failing to disclose to software companies and customers the vulnerabilities exploited by the purchased hacks.

That's because U.S. intelligence and military agencies aren't buying the tools primarily to fend off attacks. Rather, they are using the tools to infiltrate computer networks overseas, leaving behind spy programs and cyber-weapons that can disrupt data or damage systems.

The core problem: Spy tools and cyber-weapons rely on vulnerabilities in existing software programs, and these hacks would be much less useful to the government if the flaws were exposed through public warnings. So the more the government spends on offensive techniques, the greater its interest in making sure that security holes in widely used software remain unrepaired.

Researcher Eric Romang found a connection to University Research Co. of Cambodia, a USAID partner in that country, and the dol[.]ns01[.]us backend serving malware to visitors of the DoL's Site Matrices Exposures website. The sites were compromised and serving JavaScript that redirects victims using Internet Explorer 8 to sites where additional malware, such as the Poison Ivy remote access Trojan, is downloaded and backdoor connections are established. The IE 8 zero-day vulnerability, CVE-2013-1347, is expected to be patched tomorrow by Microsoft, which released a Fix It temporary mitigation last Thursday.

"After a complaint from Goldman Sachs, Bloomberg says it is sorry it let workers access data on clients to guide news coverage"

Bloomberg News has admitted some of its journalists could access client information from terminals used for market updates, after claims employees used the data to guide their coverage and chase leads.

Goldman Sachs had complained about the practice last month, leading Bloomberg to change its policy.

According to a person familiar with the matter, the investment banking firm became concerned when a Bloomberg reporter contacted them to investigate what she believed was the departure of a Goldman employee. Her interest had apparently been sparked because the worker had not accessed a Bloomberg terminal for a number of weeks, AP reported.

For Bloomberg's journalists to access this information would be a breach of customer privacy, Goldman complained.

Court documents from a drug trial in Kentucky have revealed that neither the U.S. federal Bureau of Alcohol, Tobacco, Firearms and Explosives nor any other U.S. local, state, or federal law enforcement agency is able to break the hardware encryption on an iPhone 4S device or higher, so they have resorted to asking Apple to do it for them.

In fact, the move is so popular with law enforcement agencies, that Apple has been forced to create a "waiting list" to handle all requests.

In this particular case the agents had to wait at least seven weeks for their request to be handled, and the whole process seems to have taken at least four months.

It is also largely unknown how Apple does it - it is only confirmed that once Apple analysts bypass the passcode, they download the (probably decrypted) contents of the phone to an external memory device and ship it to the law enforcement agency that requested it.

Mobile security vendor Lookout plans to start flagging as adware mobile apps that use aggressive ad networks if they don't obtain explicit consent from users before engaging in behavior that potentially invades privacy.

Ad networks, advertisers and app developers have until June 24 to start conforming to the company's set of privacy and security best practices for mobile app advertising if they want to avoid being blacklisted.

"In 45 days, Lookout will classify as adware, ad networks that do not request explicit and unambiguous user consent for the following actions: display advertising outside of the normal in-app experience; harvesting unusual personally identifiable information; perform unexpected actions as a response to ad clicks," Jeremy Linden, security product manager at Lookout, said Friday in a blog post.

According to a study released by Bitdefender in March, the number of adware apps for Android devices increased by 61 percent during a five-month period ending in January. In the U.S. in particular, the number of adware apps increased by 35 percent during the same period.

Adblock Plus hits back at German newspapers urging readers to disable the free-to-use ad blocker

Adblock Plus, a free-to-use service that blocks unwanted adverts across the Web, has responded to a number of news outlets in Germany that are encouraging their readers to disable the free-to-use adblocker on their respective sites.

Spiegel Online, Sueddeutsche.de, Faz.net, Zeit, Golem.de and RP Online launched a joint campaign asking users to abandon the tool, or at the very least set up an exception rule for their particular site.

The top of the Spiegel Online front page says (translated): "Spiegel Online is for you free of charge. We're entirely funded by advertising. Adblocker means for us that we do not get paid for our work. We therefore ask you to refrain from Adblocker or allow an exception rule for Spiegel Online."

A link then redirects users to a separate webpage explaining, in detail, how they can set up an exception rule for any of the supported browsers.

Till Faida, co-founder of Adblock Plus, defended the service and said it was "part of the solution, not the problem."

In April 2013, Symantec was alerted to a series of sophisticated social-engineering attacks targeting a limited set of organizations in Europe. The most distinguishing feature of these attacks is that the victim will receive a phone call from the attacker who impersonates an employee or business associate of the organization. The caller spoke in French and asked the victim to process an invoice that they were to receive in an email.

Here is an example of an email that was received during one of the attacks. The email typically contains a malicious link or an attachment, which is actually a variant of W32.Shadesrat, a Remote Access Trojan (RAT). [Screenshot]

There is evidence to suggest that these attacks began as early as February 2013; however, it was only more recently, in April, that phone calls were being placed prior to sending the victim the phishing email. The attacks are currently localized to French organizations but have also included subsidiaries that operate outside of France. [Screenshot]
